package com.veetao.api.filter;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.veetao.api.consts.HttpConstants;
import com.veetao.api.model.ApiResult;
import com.veetao.api.model.ApiResultCode;
import com.veetao.api.model.UserAction;
import com.veetao.api.resp.CommonResultResp;
import com.veetao.api.service.CommandLookupService;
import com.veetao.api.service.impl.UserActionManageService;
import com.veetao.api.utils.McpUtils;
import com.veetao.api.utils.NumberUtil;
import com.veetao.api.utils.RequestUtils;

@Component
public class UserActionPermissionChecker extends ApiRequestChecker {



	@Autowired
	private UserActionManageService actionManageService;
	@Autowired
	private CommandLookupService commandLookupService;

	public UserActionPermissionChecker() {
		super();
		this.setOrder(6);
	}

	@Override
	public ApiResult check(HttpServletRequest request) {
		String version = RequestUtils.get(request, HttpConstants.PARAM_VER);
		String methodName = McpUtils.getCmdMethodFromURI(request.getRequestURI());
		if(!this.commandLookupService.isNeedLogin(methodName, version)) {
			return SUCC_RESULT;
		}
		
		String userIdStr = RequestUtils.get(request, HttpConstants.PARAM_UID);
		if(!NumberUtil.isNumber(userIdStr)) {
			return new ApiResult(ApiResultCode.SUCCESS, CommonResultResp.buildFailResult("300000","无效的登录信息"));
		}
		int userId = Integer.valueOf(userIdStr);
		UserAction forbidAction = actionManageService.getUserForbidAction(userId, methodName);
		if(forbidAction != null) {
			return new ApiResult(ApiResultCode.SUCCESS, CommonResultResp.buildFailResult("300000",forbidAction.getForbidPrompt()));
		}
		return SUCC_RESULT;
	}

}
